Robert Watson [Mon, 6 Feb 2006 02:00:06 +0000 (02:00 +0000)]
Prefer AUE_FOO audit identifiers to AUE_O_FOO, which are largely left
over from the Darwin implementation.
When we implement a system call as a wrapper to sysctl(), audit it as
AUE_SYSCTL. This leads to greater compatibility with Solaris audit
trails as sysctl() argument tokens are not the same as the ones for
the original system calls (i.e., setdomainname()).
Replace references to AUE_ events that are equivalent to AUE_NULL with
AUE_NULL. In the case of process signal configuration, this is
because these events do not require auditing.
Move from the Darwin spelling of getsockopt() to the FreeBSD/Solaris
one.
Robert Watson [Mon, 6 Feb 2006 01:51:08 +0000 (01:51 +0000)]
When exiting a thread, submit any pending record. Today, we don't
audit thread exit, but should that happen, this will prevent
unhappiness, as the thread exit system call will never return, and
hence not commit the record.
Pointed out by/with: cognet
Obtained from: TrustedBSD Project
Robert Watson [Mon, 6 Feb 2006 00:06:04 +0000 (00:06 +0000)]
Vendor branch import of OpenBSM 1.0 alpha 3:
- Man page formatting, cross reference, mlinks, and accuracy improvements.
- auditd and tools now compile and run on FreeBSD/arm.
- auditd will now fchown() the trail file to the audit review group, if
  defined at compile-time.
- Added AUE_SYSARCH for FreeBSD.
- Definition of AUE_SETFSGID fixed for Linux.
Many thanks to: brueffer, cognet
Obtained from: TrustedBSD Project
Robert Watson [Sun, 5 Feb 2006 23:28:01 +0000 (23:28 +0000)]
Assign audit event identifiers to Xenix system calls. Note: AUE_EACCESS
is assigned to xenix_eaccess() instead of AUE_ACCESS, as that is the
intended meaning of the system call. xenix_eaccess() should be
reimplemented using our native eaccess() implementation so that it
works as intended.
Robert Watson [Sun, 5 Feb 2006 21:06:09 +0000 (21:06 +0000)]
When GC'ing a thread, assert that it has no active audit record.
This should not happen, but with this assert, brueffer and I would
not have spent 45 minutes trying to figure out why he wasn't
seeing audit records with the audit version in CVS.
Ceri Davies [Sun, 5 Feb 2006 19:23:05 +0000 (19:23 +0000)]
The rpc.pcnfsd server was in the base for a little over seven minutes
back in 1994. Change the example entry to point at the port, as per
the entries for uucpd et al.
Robert Watson [Sun, 5 Feb 2006 15:42:01 +0000 (15:42 +0000)]
Add AUDITVNODE[12] flags to namei(), which cause namei() to audit path
and vnode attribute information for looked up vnodes during the lookup
operation. This will allow consumers of namei() to specify that this
information be added to the in-process audit record.
Warner Losh [Sat, 4 Feb 2006 23:32:13 +0000 (23:32 +0000)]
Import support for the Atmel AT91RM9200 CPU/Microcontroller. This SoC
is an ARM920T based CPU with a bunch of built-in peripherals. The
initial import supports the SPI bus, the TWI bus (although iicbus
integration is not complete), the uarts, the system timer and the
onboard ethernet. Support for the Kwikbyte KB9202
(http://www.kwikbyte.com) board is also included, although there's no
reason why the 9200 and the 9201 wouldn't also work. Primitive
support for running under the skyeye emulator is also provided
(although skyeye's support for the AT91RM9200 is a little weak).
The code has been structured so that other members of Atmel's arm family can
be supported in the future. The AT91SAM9260 is not presently supported
due to lack of hardware. The arm7tdmi families are also not supported
because they lack an MMU.
Many thanks to cognet@ for his help and assistance in bringing up this
board. He did much of the vm work and wrote parts of the uart and
system timer code as well as the bus space implementation.
The system boots to single user w/o problem, although the serial
console is a little slow and the ethernet driver is still in flux.
This work was sponsored by Timing Solutions, Corporation. I am
grateful for their support of the FreeBSD project in this manner.
Marius Strobl [Sat, 4 Feb 2006 23:30:09 +0000 (23:30 +0000)]
Enable getty(8) on ttyu2 by default in order to get machines that use a
RSC (Remote System Control) connected via uart2 as console working out
of the box. On machines that use uart2 to connect a keyboard and thus
the ttyu2 node doesn't exist this will trigger a warning from getty(8)
but cause no real harm.
Marius Strobl [Sat, 4 Feb 2006 23:27:16 +0000 (23:27 +0000)]
- Add support for using LOM (Lights Out Management) and RSC (Remote System
  Control) devices as console. These are microcontrollers which are either
  on-board or part of an add-on card and provide terminal server, remote
  power switch and monitoring functionality. For console usage these are
  connected to the rest of the system via a SCC or an UART. This commit adds
  support for the following variants (corresponds to what 'input-device' and
  'output-device' have to be set to):
    rsc           found on-board in E250 and supposedly some Netra, connected
                  via a SAB82532, com. parameters can be determined via OFW
    rsc-console   RSC card found in E280R, Fire V4x0, Fire V8x0, connected
                  via a NS16550, hardwired to 115200 8N1
    lom-console   LOMlite2 card found in Netra 20/T4, connected via a NS16550,
                  hardwired to 9600 8N1
- Add my copyright to uart_cpu_sparc64.c as I've rewritten about one third
  of that file over time.
Tested on: E250, E280R
Thanks to: dwhite@ for providing access to an E280R
OK'ed by: marcel
MFC after: 1 week
Warner Losh [Sat, 4 Feb 2006 22:51:03 +0000 (22:51 +0000)]
Silence the strict-alias warnings. Make a trip through (void *) when
casting a structure to a uint32_t *. Many drivers in the tree do this, but
I'll not update them until these changes can be reviewed by the pedantic
standards folks.
Wayne Salamon [Sat, 4 Feb 2006 20:20:02 +0000 (20:20 +0000)]
Make login audit-enabled, submitting audit records for the login and logout
events. The specifics of submitting the records are contained within
login_audit.c.
Document the auditing behavior in the man page.
Obtained from: TrustedBSD Project, Apple Computer, Inc.
Approved by: rwatson (mentor)
Bill Paul [Sat, 4 Feb 2006 19:42:49 +0000 (19:42 +0000)]
When ndis_attach() runs, it has to very briefly initialize the card
in order to query the underlying Windows driver for the station address
and some other properties. There is a slim chance that the card may
receive a packet and indicate it up to us before ndis_attach() can call
ndis_halt_nic(). This is bad, because both the softc structure and
the ifnet structure aren't fully initialized yet: many pointers are
still NULL, so if we make it into ndis_rxeof(), we will panic.
To fix this, we need to do the following:
- Move the calls to IoAllocateWorkItem() to before the call to ndis_init_nic().
- Move the initialization of the RX DPC and status callback function pointers
  to before ndis_init_nic() as well.
- Modify ndis_rxeof() to check if the IFF_DRV_RUNNING flag is set. If it
  isn't, we return any supplied NDIS_PACKETs to the NIC without processing
  them.
This fixes a crash that can occur when activating a wireless NIC in
close proximity to a very busy wireless network, reported by Ryan
Beasley (ryan%^$!ATgoddamnbastard-****!!!DOTorg.
Robert Watson [Sat, 4 Feb 2006 18:29:51 +0000 (18:29 +0000)]
Add a brief FREEBSD-upgrade file to provide direction on how to perform
OpenBSM upgrades. Right now, this is very easy, but in the future it
will probably become more complicated.
Robert Watson [Sat, 4 Feb 2006 18:24:06 +0000 (18:24 +0000)]
Add a -A argument to mergemaster to allow explicitly specifying an
architecture to pass through to the underlying makefiles. This is
quite useful when building on an i386 box to populate an amd64 NFS
root.
Don't forget to set the address of the next descriptor to 0 when we're
zeroing a physical page, or we could end up re-zeroing portions of
memory we have zeroed before, which is clearly not wanted.
Scott Long [Sat, 4 Feb 2006 17:56:17 +0000 (17:56 +0000)]
Squash another use of vtophys. Instead of creating separate busdma objects
for doing static memory transfers, start collecting them into a single
object.
MFi386:
revision 1.288
date: 2006/02/04 14:11:33; author: wsalamon; state: Exp; lines: +4 -1
Hook up the audit system to system call entry and exit. System calls will
now be audited.
Robert Watson [Sat, 4 Feb 2006 13:22:44 +0000 (13:22 +0000)]
Merge OpenBSM 1.0 alpha 2 kernel audit events into src/sys/bsm. Almost
entirely new audit event identifiers for FreeBSD, Linux, and POSIX.1b
system calls.
Robert Watson [Sat, 4 Feb 2006 13:17:48 +0000 (13:17 +0000)]
Import OpenBSM 1.0 alpha 2, a minor update on alpha 1:
- Man page formatting improvements.
- A number of new audit event identifiers for FreeBSD, Linux, and POSIX.1b
  events.
- Remove 'tfm' class, unused in OpenBSM.
Rink Springer [Sat, 4 Feb 2006 10:01:33 +0000 (10:01 +0000)]
Patch to allow XBox-users to use the onboard nve(4) nForce ethernet driver.
The patch crudely forces the NIC out of operating mode before the nve(4)
driver can initialize it; this is required to properly initialize the NIC.
It is XBox-specific, as this condition can only occur on XBoxes (Most loaders
will simply leave the NIC running, forcing us to use a crude workaround like
this to get it in a workable condition). Due to the XBox-only aspect, this has
been solved in XBox-specific initialization code and not within nve(4).
Matt Jacob [Sat, 4 Feb 2006 08:39:02 +0000 (08:39 +0000)]
Actually, no, I had it wrong in 1.109. The arguments to bus_dma_create_tag
are bus_addr_t, not bus_size_t.
In any case, turn off DAC support entirely until it is revamped to actually
work *correctly* for 64 bit platforms (not using a PAE definition and for
both initiator and target mode).
Warner Losh [Sat, 4 Feb 2006 08:15:29 +0000 (08:15 +0000)]
Remove ifdef notyet for SIOCGHWADDR
Treat SIOCADDMULTI and SIOCDELMULTI the same, since they had the same code
Remove redundant assignment to error
Convert to using the altq interface completely.
Tai-hwa Liang [Sat, 4 Feb 2006 08:07:00 +0000 (08:07 +0000)]
s/bin/sbin/ for mount_nwfs, mount_portalfs and mount_smbfs. They never
lived in bin since 1994.
Whilst here, also document the removal time of aforementioned utilities
as well.
Hajimu UMEMOTO [Sat, 4 Feb 2006 07:59:17 +0000 (07:59 +0000)]
Never select the PCB that has INP_IPV6 flag and is bound to :: if
we have another PCB which is bound to 0.0.0.0. If a PCB has the
INP_IPV6 flag, then we set its cost higher than IPv4 only PCBs.